I'm setting an httpOnly cookie after logging in a user with bcrypt.
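    const jwt = require('jsonwebtoken');
    // `router` is an express.Router() and `User` is the app's user model.

    router.post('/login', (req, res) => {
      User.findOne({ email: req.body.email }, function (err, user) {
        if (err) throw err;
        if (user) {
          user.comparePassword(req.body.password, function (err, isMatch) {
            if (err) throw err;
            // Reject the login when the bcrypt comparison fails.
            if (!isMatch) return res.status(401).send("Invalid credentials!");
            let token = jwt.sign({ id: user._id }, process.env.SECRET_KEY, { expiresIn: '24h' });
            // secure: true marks the cookie as HTTPS-only.
            res.cookie('token', token, { maxAge: 60 * 1000, httpOnly: true, secure: true });
            res.status(200).json(user);
          });
        } else {
          res.status(404).send("User not found!");
        }
      });
    });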
But the problem is that, after sending the request in Postman, no cookie is saved in the cookies tab. I can see the user data returned in Postman as the response body, and there's also the response header Set-Cookie with the value token=eyJhbGciO...19oUxXc; Max-Age=60; Path=/; Expires=Sun, 01 Aug 2021 17:49:39 GMT; HttpOnly; Secure. I don't know what this header does.
But there's no cookie in the response cookies tab in Postman. Previously, every time a cookie came in a response, it was also displayed in the response cookies tab.
Solved! I needed to set secure=false in development.
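The behaviour behind this fix, as an added example that is not part of the original post: a client keeps a cookie marked Secure only when the response arrived over HTTPS, so the flag should follow the environment instead of being hard-coded. The helper names, the placeholder token and the localhost/example.com URLs are assumptions, and the storage rule is a simplified model of what a cookie jar does.

```javascript
// Cookie options for res.cookie(): Secure only where the site is served over HTTPS.
function cookieOptions(nodeEnv) {
  return {
    httpOnly: true,                    // not readable from page JavaScript
    secure: nodeEnv === 'production',  // false on a plain-HTTP development server
    maxAge: 60 * 1000,                 // same lifetime as in the question (milliseconds)
  };
}

// Build a Set-Cookie header value from those options (subset of attributes).
function serialize(name, value, opts) {
  const parts = [`${name}=${value}`, `Max-Age=${Math.floor(opts.maxAge / 1000)}`, 'Path=/'];
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');
  return parts.join('; ');
}

// Collect the attribute names of a Set-Cookie header value, lower-cased.
function parseAttributes(setCookie) {
  const [, ...attrs] = setCookie.split(';').map((s) => s.trim());
  return new Set(attrs.map((a) => a.split('=')[0].toLowerCase()));
}

// Simplified client rule: a Secure cookie is stored only if it came over HTTPS.
function clientWouldStore(setCookie, requestUrl) {
  const isHttps = new URL(requestUrl).protocol === 'https:';
  return !parseAttributes(setCookie).has('secure') || isHttps;
}

// Constructed samples; PLACEHOLDER_JWT stands in for the real token.
const fromQuestion = 'token=PLACEHOLDER_JWT; Max-Age=60; Path=/; HttpOnly; Secure';
const devHeader = serialize('token', 'PLACEHOLDER_JWT', cookieOptions('development'));
const prodHeader = serialize('token', 'PLACEHOLDER_JWT', cookieOptions('production'));

console.log(clientWouldStore(fromQuestion, 'http://localhost:3000/login'));
console.log(clientWouldStore(devHeader, 'http://localhost:3000/login'));
console.log(clientWouldStore(prodHeader, 'https://example.com/login'));
```

In the route, the same idea is `res.cookie('token', token, cookieOptions(process.env.NODE_ENV))`, which keeps Secure on in production while allowing the cookie over plain HTTP during development.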